Now that we’re in 2016, more than two decades after the advent of the Internet as we know it, we have a general idea of the best industry practices for security. There are known threats, means for assessing risks, proven technical controls and sound methodologies for managing it all.
Given the latest news and trends coming out of this year’s 25th annual RSA Conference, what security issues should you be concerned with in the enterprise this year?
Concerns Arise at the Conference
One of the greatest areas of concern is not knowing what you don’t know. Security intelligence and analytics was a major theme of the RSA Conference this year and for good reason. So many people in charge of security know what needs to be done: Gather good information so that actionable security decisions can be made and risks can be reduced.
The real challenge is all the information that’s available on any given network; it’s overwhelming. From server logs and mobile usage to all the information that’s leaking out to the cloud and vendors you transact with on a daily basis, how do IT and security professionals keep up?
The answer lies in knowing what you need and then relying on good tools and people to sift through the noise so risks can be properly analyzed. Rather than merely doing what’s assumed to be the best practice or whatever an outside party wants you to do, you have to think about the best approach for your business based on your unique requirements.
Another considerable area of concern and a core focus of RSA USA 2016 is the Internet of Things (IoT). These connected things are everywhere. They’re either on your network right now or they’re impacting your sensitive business information and assets in some tangential way through remote users, business partners or your own customers.
What are you doing about it? How does IoT affect your existing security program? What other security standards, policies and controls need to be put in place to keep things in check? Make IoT part of your security discussion starting now before you’re forced to.
RSA Focuses on Encryption
Finally, a key risk and topic of discussion at the RSA Conference this year was encryption. Keynote presenter Brad Smith, Microsoft’s president and chief legal officer, said, “The path to hell starts at the back door. We need to ensure that encryption technology stays strong.” You need to step back and assess how your critical assets (e.g., information and systems) fit into this discussion.
Storage security is part of this; so is information in transit. Everything your business depends on, especially its intellectual property, is hanging in the balance.
Information protection is not the sole responsibility of the government. But it will be if IT and security professionals, along with their business executives and legal counsel, don’t stand up and make their voices heard and do what’s right to keep their own systems in check.
The information security essentials we’ve known about for decades haven’t changed. Most organizations still need some serious discipline in order to have a resilient information security program. Business and the technologies we’ve become dependent on have evolved, so we have to be cognizant of how everything fits together.
Whether it’s 2016 or 2026 and beyond, it’s up to all of us to ensure that we’re doing our best to address what’s important and move past what’s not. Otherwise, we’ll continue on in the same old rut.
Independent Information Security Consultant